The results are in: we’re officially a Leader in the IDC MarketScape for Worldwide Emerging MDR


No matter the size or degree of established security operations, organizations in every industry are confronted with a similar challenge: the need to protect their customers’ (and their own) valuable systems and data in the face of a constantly evolving threat landscape. But finding a provider that serves as a strategic security partner, not just another vendor, is daunting—especially in a market as crowded as managed detection and response (MDR).

Expel was recently named a Leader in the IDC MarketScape: Worldwide Emerging Managed Detection and Response Services 2024 Vendor Assessment (doc #US50101523, April 2024). The report provides a clear framework to evaluate MDR providers based on their product and service offerings, capabilities and strategies, and current and future success factors.

Here are some areas where we believe really shine.

100% transparent security operations

Expel operates on a transparency model, which, as you probably know, is pretty much unheard of in cybersecurity. We provide customers complete visibility into our security operations, even sharing an interface with customers within our purpose-built security operations platform, Expel Workbench™.

Our unique approach allows customers to follow along with investigations in real-time—as actively or passively as they choose. This means Expel customers can opt to jump into action the moment an incident occurs alongside our security operations center (SOC) analysts to develop remediation plans, or they can remain hands-off.

This approach ensures our own accountability and builds trust in the process, empowering customers to actively engage and ask questions. As the report notes, this collaboration also makes Expel stronger, providing us with invaluable customer context that leads to faster alert triage (less than 2 minutes mean-time-to-touch [MTTT]) and remediation (more on this below). Instead of operating as a black box, our open collaboration in Expel Workbench—which serves as both an internal and external tool—makes us a true strategic security partner for our customers.

AI- and automation-driven innovation

The IDC MarketScape emphasizes the importance of automation for MDR services to enable rapid alert enrichment, efficient triage, and automated response actions. This bodes well for us, because an obsession with continuous innovations through AI and automation is at our core—and Workbench is our backbone.

Workbench seamlessly integrates AI-based enrichment, correlation, and investigation activities, equipping security teams with the necessary tools to detect and respond to security incidents quickly and efficiently. According to the IDC MarketScape, “Expel’s AI-based tiers 1 and 2 SOC-automated enrichment, correlation, and investigative activities, integrated within its proprietary security platform Workbench and machine learning analysis, allow for rapid alert triage at scale. Customers benefit from complete visibility into Expel Workbench, providing them with the same view as Expel’s SOC analysts.”

Plus, with the help of RuxieTM—our AI SOC analyst responsible for alert enrichment, triage, and automated responses—we can prioritize and automate the tedious tasks to streamline processes and give security teams space to make the final judgment calls best suited to human expertise. In this way, we empower orgs to optimize strategies and improve their overall security posture.

All this innovation translates into positive outcomes, like our sub-23-minute mean-time-to-respond (MTTR), which is among the best in cybersecurity.

Extensive coverage across environments

Our goal is to meet you where you are in your security maturity journey now, and into the future. That means that as your security program expands, we evolve with you. The report notes, Expel’s MDR service is characterized by its technology-agnostic approach, boasting over 120+ native integrations for monitoring diverse environments, including endpoint detection response, identity and access, cloud control plane, cloud workload (K8), network, SaaS, and more across the technology landscape.”

Our extensive integrations portfolio also makes it easy for organizations to get the exact coverage they need, even as they grow—adopting new tech or expanding to new attack surfaces. We cover everything from endpoint detection and response (EDR) systems, identity and access management (IAM) tools, cloud control planes, cloud workloads, SaaS applications, and on-premises infrastructure, so wherever your roadmap takes you, we stay in lockstep.

What this means for you

There’s a whole lot of good intel in the IDC MarketScape for Worldwide Emerging MDR (and we’re not just saying that because we’re a Leader). The report digs into the strengths and challenges of providers in the market, helping decision-makers form a meaningful opinion about the MDR options in this crowded space.

The IDC MarketScape report noted, “Organizations of all sizes, with or without established SOC operations, looking to outsource threat management should consider Expel’s MDR offering.” But we encourage you to download the report excerpt to see why Expel was named a Leader. And if you have any questions about how Expel does MDR, or if whether we’re the right fit for your org, give us a shout.